https://gcc.gnu.org/bugzilla/show_bug.cgi?id=123444
Bug ID: 123444
Summary: [16 Regression] [RISCV] [Miscompile] GCC - riscv64
target, miscompiles at -O3 since
ca8d97f8cb8d282c190183e9c297d5e0490bab4e
Product: gcc
Version: 16.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: tree-optimization
Assignee: unassigned at gcc dot gnu.org
Reporter: skothadiya at whileone dot in
Target Milestone: ---
Created attachment 63251
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=63251&action=edit
Attached reduced testcase
Description:
The C code involve for loops on various datatypes, compiles correctly on x86_64
and produces the expected output. However, when compiled for the riscv64
architecture, the resulting binary yields an incorrect value. The expected
output is 1, but the program returns 0. This miscompilation occurs specifically
with optimization enabled at level -O3.
Compiler flags:
-march=rv64gcv_zvl1024b -mrvv-vector-bits=zvl -mrvv-max-lmul=dynamic -O3
Reproduction Steps:
1. Compile the test case with GCC for riscv64 using the -O3 flag.
2. Execute the compiled binary.
3. Observe the output.
COMMANDS:
/mnt/data1/sujayk/cifuzz-pad/riscv-gnu-toolchain-build/bin/riscv64-unknown-linux-gnu-gcc
-march=rv64gcv_zvl1024b -mrvv-vector-bits=zvl -mrvv-max-lmul=dynamic -O3 red.c
-o user-config.out -fsigned-char -fno-strict-aliasing -fwrapv
-Wno-unknown-warning-option -Werror -Wfatal-errors -Wall -Wformat
-Wno-int-in-bool-context -Wno-dangling-pointer
-Wno-compare-distinct-pointer-types -Wno-overflow -Wuninitialized
-Warray-bounds -Wreturn-type -Wno-unused-function -Wno-unused-variable
-Wno-unused-but-set-variable -Wno-unused-value -Wno-address -Wno-bool-compare
-Wno-pointer-sign -Wno-bool-operation -Wno-tautological-compare
-Wno-self-assign -Wno-implicit-const-int-float-conversion
-Wno-constant-conversion -Wno-unused-value
-Wno-tautological-constant-out-of-range-compare -Wno-constant-logical-operand
-Wno-parentheses-equality -Wno-pointer-sign
gcc -O1 red.c -o native.out -fno-strict-aliasing -fwrapv -w
QEMU_CPU=rv64,vlen=1024,rvv_ta_all_1s=true,rvv_ma_all_1s=true,v=true,vext_spec=v1.0,zve32f=true,zve64f=true
timeout --verbose -k 0.1 4 /riscv-gnu-toolchain-build/bin/qemu-riscv64
user-config.out 1
0
timeout --verbose -k 0.1 1 ./native.out 1
1
//Expected Output: 1
//Actual Output: 0
-- testcase (red.c) --
int printf(const char *, ...);
long long a;
int b = 3064864;
char c = 7;
long d = -3999289147344557351LL + 3999289147344557369;
_Bool e = 1;
short f[59];
int main() {
for (long i=0; i<19; ++i)
f[i] = 25158;
for (int j=0; j<d; j+=4)
for (char k=0; k<8; k+=b) {
int l = c ? f[j] : 0;
e = l ? e : l;
}
a = (int)e;
printf("%llu\n", a);
}
The issue is Found via fuzzer.
